install-then-update-trap-detector
Helps detect the install-then-update attack pattern — where a skill passes initial security review cleanly, then silently introduces malicious behavior through an automatic update that bypasses re-audit. v1.1 adds cryptographic chain-of-custody verification for update sequences.
Packaged view
This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.
Install command
npx @skill-hub/cli install openclaw-skills-install-then-update-trap-detector
Repository
Skill path: skills/andyxinweiminicloud/install-then-update-trap-detector
Helps detect the install-then-update attack pattern — where a skill passes initial security review cleanly, then silently introduces malicious behavior through an automatic update that bypasses re-audit. v1.1 adds cryptographic chain-of-custody verification for update sequences.
Open repositoryBest for
Primary workflow: Run DevOps.
Technical facets: Full Stack, Security, Testing.
Target audience: everyone.
License: Unknown.
Original source
Catalog source: SkillHub Club.
Repository owner: openclaw.
This is still a mirrored public skill entry. Review the repository before installing into production workflows.
What it helps with
- Install install-then-update-trap-detector into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
- Review https://github.com/openclaw/skills before adding install-then-update-trap-detector to shared team environments
- Use install-then-update-trap-detector for development workflows
Works across
Favorites: 0.
Sub-skills: 0.
Aggregator: No.